BUILD: ssl: use feature macros for detecting ec curves manipulation support

Let us use SSL_CTX_set1_curves_list, defined by OpenSSL, as well as in
openssl-compat when SSL_CTRL_SET_CURVES_LIST is present (BoringSSL),
for feature detection instead of versions.
Ilya Shipitsin 2020-11-04 00:39:07 +05:00 committed by Willy Tarreau
parent 5b8af1e30c
commit 0aa8c29460
3 changed files with 6 additions and 6 deletions


@ -274,7 +274,7 @@ struct global_ssl {
char *listen_default_ciphersuites;
char *connect_default_ciphersuites;
#endif
#if ((HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL) || defined(LIBRESSL_VERSION_NUMBER))
#if defined(SSL_CTX_set1_curves_list)
char *listen_default_curves;
#endif
int listen_default_ssloptions;
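Review bot: `listen_default_curves` is now a member of `struct global_ssl` only when `SSL_CTX_set1_curves_list` is a preprocessor macro at the point this header is parsed, so the struct layout depends on include order. The commit message says openssl-compat supplies the macro for BoringSSL; if any translation unit reached this struct before that compat header, it would see a shorter struct than the others, and `listen_default_ssloptions` and the members after it would be accessed at the wrong offsets. The includes are outside the hunk, so this needs confirming rather than being a known fault. I would add a comment above the guard, `/* openssl-compat must be included first: SSL_CTX_set1_curves_list is tested as a macro */`. The same guard in the other two files of this commit relies on the same ordering.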


@ -229,7 +229,7 @@ static int ssl_parse_global_ciphersuites(char **args, int section_type, struct p
}
#endif
#if ((HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL) || defined(LIBRESSL_VERSION_NUMBER))
#if defined(SSL_CTX_set1_curves_list)
/*
* parse the "ssl-default-bind-curves" keyword in a global section.
* Returns <0 on alert, >0 on warning, 0 on success.
@ -703,7 +703,7 @@ static int bind_parse_crl_file(char **args, int cur_arg, struct proxy *px, struc
/* parse the "curves" bind keyword keyword */
static int ssl_bind_parse_curves(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
{
#if ((HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL) || defined(LIBRESSL_VERSION_NUMBER))
#if defined(SSL_CTX_set1_curves_list)
if (!*args[cur_arg + 1]) {
memprintf(err, "'%s' : missing curve suite", args[cur_arg]);
return ERR_ALERT | ERR_FATAL;
@ -1045,7 +1045,7 @@ static int bind_parse_ssl(char **args, int cur_arg, struct proxy *px, struct bin
if (global_ssl.listen_default_ciphers && !conf->ssl_conf.ciphers)
conf->ssl_conf.ciphers = strdup(global_ssl.listen_default_ciphers);
#if ((HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL) || defined(LIBRESSL_VERSION_NUMBER))
#if defined(SSL_CTX_set1_curves_list)
if (global_ssl.listen_default_curves && !conf->ssl_conf.curves)
conf->ssl_conf.curves = strdup(global_ssl.listen_default_curves);
#endif
@ -1877,7 +1877,7 @@ static struct cfg_kw_list cfg_kws = {ILH, {
#endif
{ CFG_GLOBAL, "ssl-default-bind-ciphers", ssl_parse_global_ciphers },
{ CFG_GLOBAL, "ssl-default-server-ciphers", ssl_parse_global_ciphers },
#if ((HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL) || defined(LIBRESSL_VERSION_NUMBER))
#if defined(SSL_CTX_set1_curves_list)
{ CFG_GLOBAL, "ssl-default-bind-curves", ssl_parse_global_curves },
#endif
#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
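Review bot: The new `#if defined(SSL_CTX_set1_curves_list)` guards detect a macro, not a function, so a library that declares `SSL_CTX_set1_curves_list` only as a function loses the `curves` bind keyword and `ssl-default-bind-curves`, where the old test kept them for every LibreSSL build. For an operator who restricts curves as a hardening measure, what matters is that such a build rejects the configuration rather than loading it with the library's default curves. The `#else` branch of `ssl_bind_parse_curves` is outside the hunk, so please confirm it returns `ERR_ALERT | ERR_FATAL`. A one-line comment at the first guard would record the assumption: `/* feature test: SSL_CTX_set1_curves_list must be a macro (OpenSSL, or openssl-compat for BoringSSL) */`.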


@ -4177,7 +4177,7 @@ int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_
if (ssl_conf_cur)
SSL_CTX_set_alpn_select_cb(ctx, ssl_sock_advertise_alpn_protos, ssl_conf_cur);
#endif
#if ((HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL) || defined(LIBRESSL_VERSION_NUMBER))
#if defined(SSL_CTX_set1_curves_list)
conf_curves = (ssl_conf && ssl_conf->curves) ? ssl_conf->curves : bind_conf->ssl_conf.curves;
if (conf_curves) {
if (!SSL_CTX_set1_curves_list(ctx, conf_curves)) {